just as a note, its not as simple as firing off an email to linux-distros and calling it a day.
qualys, one of the big firms (10,000+ customers across 130 countries. i.e. "professional researchers"), has even taken a stance against emailing linux-distros because of the restrictions and policies involved:
> Although contacting the linux-distros list has been clearly beneficial
> (they have thoroughly reviewed and tested the patches, and were able to
> prepare their kernel updates beforehand), we have reached the conclusion
> that it has become increasingly difficult to coordinate the disclosure
> of kernel vulnerabilities with both groups (the Linux kernel security
> team and the linux-distros list), because they have very different
> policies. From now on, we will coordinate the disclosure of kernel
> vulnerabilities with the Linux kernel security team only. We also
> apologize in advance for this.
Of course you want them to have sent an email to a mailing list. You're on a message board, and weren't involved in their disclosure process. Why not ask for everything that sounds reasonable to you? There's no cost to it for you. Maybe you can set their OKRs while you're at it.
There are (some, loose) norms of vulnerability disclosure, and this isn't one of them.
Have you considered that maybe it’s not the way it’s done?
It’s certainly a thing some people do. But there is not a unified consensus on how to handle vulnerabilities. Different security researchers (or, in fact, the same researchers releasing different findings) can and do take many different courses of action.
Directly from the dev of that game, who - since so few successful games have been released with Godot - often has random people point to R2V as an example:
> this game is far from being the "Godot 3D Showcase" game since I hardly even use normal maps and most of the assets are just low-poly shapes without any modern techniques (like PBR or photogrammetry)
> I've got some web applications I wrote that run perfectly on the MQ3, especially after I got target sizes up to WCAG AAA level and it is fun to put the headset on and crash out on the couch and get things done
One way to have better text in VR for 2D content is to make use of OpenXR composition layers:
Unreal 5 uses SDL to be able to create "windows" in a cross platform manner (specific use case, but not just a thing on Linux [1]). Many others do as well.
Would like to add Vox is nowhere near the other's popularity, and has received substantial donations from... Hungary. A total of 6.5 million euros during the 2023 elections.
Eh, I think its just that the infrastructure rewards having a car and not bikes. I thought the same before, only after experiencing for years the small things that make it possible, have I come around to it.
The little Honda City/Today with its trunk scooter from the 80's was ahead of its time, really. Its a path one should look at in large metropolitan areas. With electric bikes, even cities with large elevation deltas have a chance nowadays.
Shots in which the base plate was taken from live footage (crews trained in filming the sport) are stable and show all the action. Shots from Hollywood camera crews can barely keep up.
One may say this is a bad comparison point, and that it was an artistic choice, but I call bullshit on that. So much of the movie was based upon live footage that the ones that didn't just look amateurish.
And yet, both crews are professionals. It is difficult to film these things well.
Unless you have a really cheap production budget, there are multiple races with each race day being preceded by practice times and qualifiers. There's plenty of time to point a lens and get a feel for the tracking speed. It's not like there's a NASA launch weekly/monthly/annually. So yeah, I'm leaning on just an out of sync crew way more than this "anticipating a bad thing happening" theory
They are professional security researchers, they must know this is the way it is done in the ecosystem.
Kicking the can around leads nowhere.
reply